WagDev LLC - Data Security Standards
Effective Date: March 9, 2026 Last Updated: March 9, 2026
1. Introduction
WagDev LLC ("Company," "we," "us," or "our") is committed to protecting user data across all our applications. As a small development company, we leverage trusted cloud infrastructure providers and implement practical security measures appropriate for our scale while maintaining high standards for data protection.
2. Our Security Approach
2.1 Core Principles
- Trusted Infrastructure: We use Google Firebase's secure infrastructure rather than managing our own servers
- Data Minimization: We only collect data necessary to provide our services
- Practical Security: We implement security best practices appropriate for our applications
- Transparency: We're clear about how we protect your data
2.2 Compliance Commitment
We design our applications to comply with:
- General Data Protection Regulation (GDPR) requirements
- California Consumer Privacy Act (CCPA) requirements
- Children's Online Privacy Protection Act (COPPA) when applicable
- App store security requirements
3. Technical Security Measures
3.1 Infrastructure Security (Firebase/Google Cloud)
We rely on Firebase and Google Cloud Platform's security infrastructure, which includes:
- Enterprise-Grade Security: Firebase maintains ISO 27001, SOC 1, SOC 2, and SOC 3 certifications
- Encryption: Data is automatically encrypted in transit (TLS 1.2+) and at rest
- Physical Security: Google's data centers maintain 24/7 security monitoring
- Redundancy: Automatic backups and geographic distribution of data
- DDoS Protection: Built-in protection against distributed attacks
3.2 Authentication Security
- Firebase Authentication: We use Firebase's secure authentication system
- Password Security: Passwords are handled by Firebase using industry-standard hashing
- OAuth Providers: When offered, authentication through Google uses their secure OAuth implementation
- Session Management: Firebase handles secure session tokens automatically
3.3 Application-Level Security
- Secure Development Practices: Code review before deployment
- Firebase Security Rules: Properly configured rules to ensure users can only access their own data
- API Security: All API calls use Firebase's built-in security
- Regular Updates: We keep Firebase SDKs and dependencies updated
4. Data Access Controls
4.1 User Access
- Authentication Required: Users must authenticate to access their data
- Data Isolation: Firebase Security Rules ensure users can only access their own data
- Shared Access: When features allow sharing (premium features), access is explicitly controlled
4.2 Administrative Access
- Limited Access: Only the company owner has administrative access to Firebase
- Firebase Console: Administrative actions are logged by Firebase
- No Direct Database Access: All data access goes through Firebase's secure APIs
5. Data Handling Practices
5.1 What We Store
- Account Data: Email, authentication tokens (managed by Firebase)
- User Content: App-specific data you create (stored in Firebase Firestore)
- Photos: Images you upload (stored in Firebase Storage)
- Analytics: Anonymous usage data (Firebase Analytics)
5.2 What We Don't Store
- Payment Information: Handled by RevenueCat and the platform app stores - we never see your payment card details
- Passwords: Managed by Firebase Authentication - we cannot access them
5.3 Data Location
- Primary Storage: Your data is stored in Google's secure data centers
- Geographic Location: Data is typically stored in the United States
- Backup: Firebase automatically handles data backup and redundancy
6. Third-Party Services
6.1 Our Service Providers
We carefully selected these providers for their security practices:
Firebase (Google)
- Handles all data storage, authentication, and hosting
- SOC 1/2/3, ISO 27001 certified
- GDPR compliant with Data Processing Amendment
Sentry (Functional Software, Inc.)
- Monitors application errors and performance
- Receives error data and device metadata only
RevenueCat, Inc. (for apps with subscriptions)
- Manages in-app subscription lifecycle
- Receives anonymized purchase and subscription status data
6.2 No Additional Third Parties
- We don't use advertising networks
- We don't sell or share your data with marketing companies
7. Practical Security Measures
7.1 Development Security
- Version Control: Secure code repository with protected main branch
- Secrets Management: API keys and secrets stored securely, never in code
- Testing: Basic security testing before each release
- Code Review: Self-review with security checklist
7.2 Operational Security
- Monitoring: Firebase provides automated alerts for errors and issues
- Updates: Regular updates to address security issues
- Incident Response: Direct communication channel (support@wag.dev) for security concerns
7.3 Physical Security
- Development Environment: Secured development computer with encryption
- Two-Factor Authentication: Enabled on all development accounts
- Secure Networks: Development only on secure networks
8. User Security Features
8.1 Built-In Protections
- Secure Authentication: Via Firebase's proven system
- Data Export: Ability to export your data at any time
- Account Deletion: Complete deletion of your data upon request
- Access Control: You control who can access shared data (premium features)
8.2 Security Best Practices for Users
We recommend:
- Using strong, unique passwords
- Enabling two-factor authentication where available
- Keeping your app updated
- Being cautious about what information you share
9. Data Breach Response
9.1 Our Commitment
While Firebase's infrastructure greatly reduces breach risk, if a security incident occurs:
- We will investigate immediately
- We will notify affected users within 72 hours
- We will provide clear information about what happened
- We will take steps to prevent recurrence
9.2 Firebase's Security
Firebase has never had a major security breach, but they maintain:
- 24/7 security monitoring
- Automated threat detection
- Expert security response team
- Regular security audits
10. Your Privacy Rights
10.1 Data Control
Our apps provide built-in features for:
- Viewing your data (within the app)
- Exporting your data (CSV export)
- Deleting your account and all data
- Controlling sharing permissions (premium features)
10.2 Data Requests
Contact privacy@wag.dev to:
- Request additional information about your data
- Report privacy concerns
- Exercise additional privacy rights
11. Continuous Improvement
11.1 Regular Reviews
- Quarterly review of Firebase security rules
- Annual review of security practices
- Staying informed about Firebase security updates
- Responding to user security feedback
11.2 Future Enhancements
As we grow, we plan to:
- Implement additional security monitoring
- Consider third-party security audits
- Expand security features based on user needs
- Maintain our commitment to practical, effective security
12. Transparency
12.1 What This Means for You
- Your data is protected by Google's enterprise security infrastructure
- We can't see your passwords or payment information
- You control your data with export and deletion options
- We're accountable and respond quickly to security concerns
12.2 Limitations
As a small company:
- We rely on Firebase's security rather than custom infrastructure
- We don't have a dedicated security team
- We focus on practical, proven security measures
- We're transparent about our capabilities and limitations
13. Contact Information
For Security Concerns:
Email: security@wag.dev
Response Time: Within 48 hours
For Privacy Questions:
Email: privacy@wag.dev
General Contact:
Email: support@wag.dev
Reporting Security Issues:
If you discover a security vulnerability:
- Email security@wag.dev immediately
- Include detailed information about the issue
- Do not share the vulnerability publicly
- We'll acknowledge receipt within 48 hours
These Data Security Standards reflect our commitment to protecting your data while being transparent about our size and capabilities. We leverage enterprise-grade infrastructure through Firebase while focusing on security practices appropriate for our scale.